Snort mailing list archives
Signature Database
From: "Lancaster, J Jackson Contr SAF/FMPT" <jackson.lancaster () afbudsys disa mil>
Date: Mon, 26 Apr 2004 09:06:58 -0500
Someone had asked about a repository for Snort signatures. I found this on fulldisclosure Snort Signature Database.... Sort of http://seclists.org/lists/fulldisclosure/2004/Apr/0936.html I, amoung many other people that I know, Are interested in keeping our snort instalations as relivant as possible. The most important single activity in this is to keep the signature base up to date. I think that the snort.org guys have done a realy wonderful job of releasing signatures frequently, But I would like to be able to keep more up to the minute with new exploits than they or any other group realy can. I run regular searches and often see people posting signatures on this and other lists but.... I thought it would be handy to have a single "repository" of sorts. So with this in mind I set up phpBB (Yeah I know) and am opening it up to everyone while I work on a better interface to put our signatures into I figured that this was easy and searchable. I would ask that yourpost titles be relevant to the signature... such as "Microsoft - SSLv3 sig - new" or "Cisco IOS 12.1 buffer overflow attack production" This will make it easier down the road, If anyone actualy uses this, and the signature base grows... I am planning to keep this up no matter how big it gets. So I am hoping that People will use it and make suggestions. Link: http://www.snort.gitflorida.com/phpBB2/ Well, Anyone think this is a workable idea.... I am hoping it will help us all keep up to date. James Ashton Jackson Lancaster
Current thread:
- Signature Database Lancaster, J Jackson Contr SAF/FMPT (Apr 26)